Twitter

RSS

A 27-year-old man described as one of the world’s most prolific spammers was arrested Wednesday, and federal authorities said computer users across the Web could notice a decrease in the amount of junk e-mail.

Sure he’s an evil, thieving, destructive, lying, plague on the face of the internet, but you gotta hand it to him: He was good at what he did.

Sadly, I think there’s probably some language in the justice system that prevents us from having him burned at the stake. I’m holding out hope that a loophole may be found.

Not that I totally agree with it but this is an interesting take on spam and anti-spam legislation:http://www.cosmoetica.com/B68-DES33.htm
Bit bombastic (man I’ve wanted to use that word for a while now) but interesting.

I’m generally a pretty liberally-minded guy when it comes to crime and punishment. However, I’m also an email administrator. When it comes to spammers, particularly zombie spammers like this guy, I’m fully in favor of punishment by flaying. Slowly.

I’m no expert, but I imagine there are some forms of spam that aren’t necessarily illegal. But things like what this guy was doing (taking over other people’s computers to send out bulk e-mails) definitely is.

What got him sent to prison was the zombifying of other people’s computers – they used a fairly new law, relating to “aggravated identity theft”, since people were being spammed from third-party IPs.

Spamming is technically illegal, but as long as you’re using your own IP and include an “opt-out” button that actually works as advertised, there’s a loophole for you. (If the opt-out in fact only tells the spammer that your email address is valid, he’s still a crook.)

Allow me to add my voice to the chorus of boos for this person. I hope they throw the book at him so hard it leaves a dent on his forehead.

Part of what makes me sick about spammers is their unbearable arrogance. They really do act as if they firmly believe that the internet was created solely for them to make a killing by abusing it, the same way that an insane burglar might think that people have windows on their houses solely as a means to allow his unlawful ingress.

@Knastymike – this is not really a surprise. Most of the spam is indeed sent by few skillful individuals who control large botenets and zombie farms. Sure, there are many spammers out there. But the few of them who control hundreds of thousands of infected machines really do make a difference.

Phlux – spamming purely for advertising legal businesses is not technically illegal in most states, but this is not what this dude was doing. The list of charges against him from TFA:

It’s not only that he was sending unsolicited emails to people. He was tricking them into getting infected with mallware, and was apparently running various scams, phishing and identity theft campaigns which are of course illegal.

Did anyone else notice that this guy has already paid millions in fines and had 4 bank account seized and the judge still believed him to have more than enough money to sustain his own defence. This is a prick of jerks and need to be made an example of.

The ‘interesting take’ on spam that you linked to has a number of *huge* flaws.

1) It’s 5 years out of date. The AOL figures quoted (30 million mails a day, 30% spam) became, in just a year, 2.5 *billion* emails a day, 80% of which are spam.

2) As they say in car commercials, “Your Mileage May Vary”. The author claims to get a couple of dozen emails a day, about 80% of which is spam. I get about 1200 emails a day, about a thousand of which are spam (that’s just to my regular personal address – let’s not talk about work, or the Hotmail account I keep for old times’ sake). I’ve got some spam filtering in place, but it’s still got to get to my server (over bandwidth that I pay for), and chew up CPU time for processing. I’d much rather that that go to something I *want*.

3) His comparison between the cost of sending paper junk mail and junk email misses an important point: the high cost of paper junk mail is not in the creation, but in the *postage*. There’s no cost difference to the spammer to send out a hundred emails or ten million emails, so it makes sense to the spammer to send out as many emails as possible. Paper mailers have to target much better, because their investment is so high.

There’s a lot more. He does a lot of “this is a lie” handwaving in that article, and most of it is falacious. The author seems to be focussing on spam recipients as individual users of ISPs like AOL and Road Runner. Not everyone pays $40/month for a DSL line with an email address provided by their ISP – my office is paying $300/mo, and we run our own mail server in-house. Spam costs us local disk space, processing power, and network bandwidth. My personal email account is run out of a box sitting in a colo facility for which the owner pays $250/month *plus* extra charges when he uses more than a certain amount of bandwidth.

Let’s not even talk about things like the spammers who send out spam using real e-mail addresses that are not their own in the “From” line, so that bounces and rejections flood the mailboxes of innocent people (ask me how I know!), or the spammers who take ‘remove me’ requests as proof that an email address is valid (so they can sell it to another spammer), or the spammers like Robert Soloway (from the original article) who abuse countless millions of innocent machines to blast as much of their crud out into an Internet that doesn’t want it and, really, can’t take it.

There’s one kind of spam that I don’t really understand. I do understand why someone would want to send out commercials, or scams, but I regularly get mails only containing random (often “adult”) words. What’s the point with that?

1) Experiments to see what gets through the filters. (One one machine, you send out the mail. On another, you have an e-mail account that’s on your spam list. Does message #1 get through the ISP-level spam filters? Nope. OK, let’s change it. Does message #2 get through? Etc.

2) Chaff to fool/overwhelm the filters. Send a billion crap messages using one strategy and a million real ones using a different strategy – maybe the spam people will focus on the billion and let your million slip through.

Hanover: thanks for the comments. The truth is I didn’t quite trust the article and I was a bit annoyed by the constant “I’m right, they’re wrong” throughout but I didn’t have the know-how to judge it. I was kinda hoping someone would tell me how accurate it was.

Matt P: “Not that I totally agree with it but this is an interesting take on spam and anti-spam legislation…”

That guy is a moron.

When he discusses the “big lie” he gets to Lie #2: “Spam costs alot of wasted resources & money!”

To which he responds: “Not so, not so, not so.”

To be fair, he then backs this up with supporting points. His logic is fairly faulty, but he is at least putting together an argument.

Then we get to Lie #4: “Many large ISPs have suffered major system outages as the result of massive spam campaigns.”

To which he says: “As a telecom worker for the past 5½ years I can state unequivocally that this is the most egregious lie yet. THE REAL REASON that outages occur has little to do with spam, but alot to do with poor management, & corporations that refused to invest the needed capital in updating their lines to handle the burgeoning Internet traffic.”

So (a) spam isn’t a problem because it doesn’t actually cost anyone money to deal with it; and (b) the outages caused by spam could be prevented if people spent more money deal with it.

This blatant contradiction is just the most obvious bit of idiocy in this essay. Another favorite bit can be summarzied as: “It doesn’t cost the recipients any money to deal with spam because the ISPs will just charge their customers for the extra storage space”.

I know because I’ve been doing anti-spam stuff since 1996 (when I first started to get spam to my then-work address). I’ve been working professionally in the anti-spam field (as an investigator for one of the first blocklists, or working abuse for a large ISP, or investigating clients for an email whitelisting service… now working for a law firm that specializes in anti-spam and anti-abuse prosecutions) since 2001.

Awhile ago (like 2 years) there was a legitimate spammer who was featured in a newspaper interviewing him. They withheld his address but from the newspaper article Slashdot readers were able to figure out his address and sign him up for tons of real mail to the point where he was no longer able to check his own mailbox for bills due to all the spam. He then complained about it being obnoxious preventing him from being able to do his work as well. Yet, he had no qualms about being responsible for something like a quarter of the spam in the US at the time.